[Cryptography] Response to weak RNGs in Taiwanese and Estonian digital ID cards?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Oct 26 19:53:35 EDT 2017

Ondrej Mikle <ondrej.mikle at gmail.com> writes:

>As far as I know the RNG in the Infineon cards of Slovak and Estonian IDs is
>different that the ANSI X9.31 generator described in Matthew Green's article.

Ah, you need to distinguish between the X9.31 RSA keygen and the X9.31 RNG,
which is just the X9.17 RNG recycled.  Matt Green's work attacked the X9.31
RNG (I prefer to think of it as the X9.17 RNG, which is what it really is, and
in the context of wholesale banking key management it's perfectly adequate,
pointing out the dangers of cargo cult security design), while the ROCA
weakness presumably targeted the X9.31 RSA keygen.


More information about the cryptography mailing list